Using the AES-GMAC Algorithm with the Cryptographic Message Syntax (CMS)
RFC 9044
Note: This ballot was opened for revision 03 and is now closed.
Roman Danyliw Yes
Alvaro Retana No Objection
Erik Kline No Objection
Martin Duke No Objection
Murray Kucherawy No Objection
Robert Wilton No Objection
Easy to read and understand. Thank you.
Warren Kumari No Objection
Thank you - even I understood some of it :-)
Éric Vyncke No Objection
(Alissa Cooper; former steering group member) No Objection
(Barry Leiba; former steering group member) No Objection
(Benjamin Kaduk; former steering group member) No Objection
Section 7
   Implementers should be aware that cryptographic algorithms become weaker with time. As new cryptanalysis techniques are developed and computing performance improves, the work factor to break a particular cryptographic algorithm will reduce. Therefore, cryptographic algorithm implementations should be modular allowing new algorithms to be readily inserted. That is, implementers should be prepared to regularly update the set of algorithms in their implementations.
I think that BCP 201 is a good reference for further reading here.
Section 8.2
If we're importing ASN.1 bits from RFC 5912, doesn't that make it a normative reference?
(Deborah Brungard; former steering group member) No Objection
(Magnus Westerlund; former steering group member) No Objection
Should there be any comments in the security consideration section about the security implications of using 96-bit truncated tags? I know that shorter tags have significant vulnerabilities against forgery attempts where successful forgery can be detected. John Mattsson and I wrote a paper identifying why shorter tags would be very bad in SRTP in 2015. https://eprint.iacr.org/2015/477.pdf I guess the possibility to figure out if CMS forgery attempts are successful depends on what the CMS is used for.
(Martin Vigoureux; former steering group member) No Objection